International Society of Science and Applied Technologies |
|
Cyberattack Predictions with Destination Port | ||||
Author | Richard Zuech
|
|||
Co-Author(s) | John Hancock; Taghi M. Khoshgoftaar
|
|||
Abstract | When analyzing cybersecurity datasets with machine learning, researchers commonly need to consider whether or not to include Destination Port (DP) as an input feature. We assess the impact of Destination Port as a predictive feature by using it as the only (single) input feature with the CSECIC- IDS2018 dataset and three classifiers: LightGBM (LGB), CatBoost (CB), and Categorical Naive Bayes (CNB). Binary classification is applied to CSE-CIC-IDS2018 to predict attack or normal instances with the Area Under the Receiver Operating Characteristic Curve (AUC) and F1 classification performance metrics. All three classifiers strongly agree that including Destination Port as the only input feature results in favorable performance, with AUC scores of 0.9073. In the CSECIC- IDS2018 dataset, some Destination Ports exhibit lopsided distributions between normal and attack traffic.
|
|||
Keywords | Intrusion Detection, Cybersecurity, Destination Port, Machine Learning | |||
Article #: RQD26-160 |
Proceedings of 26th ISSAT International Conference on Reliability & Quality in Design |